1. Field of the Invention
The present invention relates to a technique for monitoring and controlling communications performed by a computer terminal or the like connected to a network.
2. Related Art
Recently, access from an unauthorized computer to an intranet or the like of a corporation has been prohibited in order to prevent information leakage and the proliferation of computer viruses. In addition, access to the intranet from a computer without anti-virus software installed thereon is also restricted. For example, when a computer without proper authorization is connected to a network, all the packet data transmitted from the computer is blocked in the network to prevent access from the computer. In addition, when a computer which does not have anti-virus software installed thereon, or which does not have the latest virus pattern file applied thereto, is connected to the network, the computer is only allowed to connect to a server related to the anti-virus software, and only allowed to download the virus pattern file. In this case, access from the computer to network resources other than that server is prohibited. Moreover, when a computer which does not have the latest patch applied to its operating system (OS) is connected to the network and this is detected, access to the network resources from the computer is likewise prohibited except for the purpose of downloading the patch.
Japanese Patent Application Laid-open Publication No. 2006-74705 discloses a technique for controlling access to a network from a computer connected to the network, as follows. Specifically, packet data transmitted from the computer is monitored, and when it is determined that communications to be performed by the computer must be restricted, address resolution protocol (ARP) information (an ARP request or an ARP reply) is transmitted to the computer in order for the computer to rewrite its own ARP table, so that the packet data from the computer is directed to the address indicated by the ARP information. As a result, access from the computer to the network is prohibited. In addition, by selectively allowing the packet data from the computer to pass through the network, access to the network is restricted in this technique.
However, when a computer whose access to the network is restricted by use of ARP information downloads a large amount of data, such as a virus pattern file or an OS patch, the monitoring of packet data from the other computers connected to the network becomes difficult. Specifically, in order to detect an unauthorized computer, it is necessary to capture the packet data (particularly, ARP requests) transmitted from that computer. As the amount of download data increases, the probability of an error occurring in capturing packet data becomes higher, and it also becomes difficult to transmit the data or the like used for controlling the connections of computers other than the one performing the download. Accordingly, there is a concern that a functional failure may occur in the management and control of communications performed by the computer terminals connected to the network. Furthermore, as Gigabit Ethernet support has become a standard feature on client computers and network bandwidth is expected to increase further, this functional failure is expected to become more notable.
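The two passages above turn on the same observation: the ARP traffic on a segment is where a controller both detects an unauthorized host (by capturing its ARP requests) and, in the referenced technique, rewrites a host's ARP table with an ARP request or reply. The following is an added example, not code from the patent or from the referenced publication, showing the monitoring side of that picture from a defender's viewpoint: a minimal ARP frame parser plus a passive monitor that flags ARP frames from MAC addresses outside an authorized list, ARP replies that no request asked for, and changes to a learned IP-to-MAC binding. The MAC and IP addresses, the `ArpMonitor` class and the four-frame scenario in `run_demo` are all constructed for this illustration; nothing is transmitted on a network.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

ETHERTYPE_ARP = 0x0806
ARP_REQUEST = 1
ARP_REPLY = 2


@dataclass(frozen=True)
class ArpFrame:
    opcode: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


def _mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def parse_arp(frame: bytes) -> Optional[ArpFrame]:
    """Parse a raw Ethernet frame; return an ArpFrame for IPv4-over-Ethernet ARP, else None."""
    if len(frame) < 42:                      # 14-byte Ethernet header + 28-byte ARP packet
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if htype != 1 or ptype != 0x0800 or hlen != 6 or plen != 4:
        return None
    body = frame[22:42]                      # SHA, SPA, THA, TPA
    return ArpFrame(oper, _mac_str(body[0:6]), _ip_str(body[6:10]),
                    _mac_str(body[10:16]), _ip_str(body[16:20]))


def build_arp_frame(opcode: int, sender_mac: str, sender_ip: str,
                    target_mac: str, target_ip: str) -> bytes:
    """Build an in-memory ARP frame. Constructed test input only; nothing is sent anywhere."""
    def mac_b(s: str) -> bytes:
        return bytes(int(x, 16) for x in s.split(":"))

    def ip_b(s: str) -> bytes:
        return bytes(int(x) for x in s.split("."))

    dst = mac_b(target_mac) if opcode == ARP_REPLY else b"\xff" * 6   # requests are broadcast
    eth = dst + mac_b(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
           + mac_b(sender_mac) + ip_b(sender_ip) + mac_b(target_mac) + ip_b(target_ip))
    return eth + arp


class ArpMonitor:
    """Passive ARP observer (hypothetical): flags unauthorized senders, unsolicited replies
    and IP/MAC binding changes, i.e. the events an ARP-table rewrite would produce."""

    def __init__(self, authorized_macs: Set[str]):
        self.authorized = {m.lower() for m in authorized_macs}
        self.bindings: Dict[str, str] = {}            # ip -> mac learned from ARP sender fields
        self.pending: Set[Tuple[str, str]] = set()    # (asked-for ip, requester ip) awaiting a reply
        self.alerts: List[Tuple[str, str]] = []

    def observe(self, frame: bytes) -> List[Tuple[str, str]]:
        arp = parse_arp(frame)
        if arp is None:
            return []
        new: List[Tuple[str, str]] = []
        if arp.sender_mac not in self.authorized:
            new.append(("unauthorized", f"{arp.sender_mac} ({arp.sender_ip}) sent ARP opcode {arp.opcode}"))
        if arp.opcode == ARP_REQUEST:
            self.pending.add((arp.target_ip, arp.sender_ip))
        elif arp.opcode == ARP_REPLY:
            key = (arp.sender_ip, arp.target_ip)
            if key in self.pending:
                self.pending.discard(key)
            else:
                new.append(("unsolicited_reply", f"{arp.sender_ip} is-at {arp.sender_mac} pushed to {arp.target_ip}"))
        prev = self.bindings.get(arp.sender_ip)
        if prev is not None and prev != arp.sender_mac:
            new.append(("binding_change", f"{arp.sender_ip}: {prev} -> {arp.sender_mac}"))
        self.bindings[arp.sender_ip] = arp.sender_mac
        self.alerts.extend(new)
        return new


def run_demo() -> List[Tuple[str, str]]:
    """Replay a constructed four-frame scenario and return every alert raised."""
    host, gateway, unknown = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:ee"
    mon = ArpMonitor({host, gateway})
    frames = [
        build_arp_frame(ARP_REQUEST, host, "10.0.0.10", "00:00:00:00:00:00", "10.0.0.1"),  # normal lookup
        build_arp_frame(ARP_REPLY, gateway, "10.0.0.1", host, "10.0.0.10"),                # expected answer
        build_arp_frame(ARP_REQUEST, unknown, "10.0.0.77", "00:00:00:00:00:00", "10.0.0.1"),  # unlisted MAC
        build_arp_frame(ARP_REPLY, unknown, "10.0.0.1", host, "10.0.0.10"),                # rewrites host's entry
    ]
    for f in frames:
        mon.observe(f)
    return mon.alerts


if __name__ == "__main__":
    for kind, detail in run_demo():
        print(f"[{kind}] {detail}")
```

The last frame of the scenario is exactly the kind of ARP reply the background section describes, an answer nobody asked for that moves an IP address to a different MAC, and it produces three alerts at once (unlisted sender, unsolicited reply, binding change). In a real deployment the monitor would be fed from a capture socket, and the capture-loss problem the section raises applies directly: if the capture misses the ARP request in frame 3 under heavy download traffic, the unauthorized host is simply never seen.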